Singapore defense ministry suffers data breach affecting 850 users

Breach in Ministry of Defence's system compromised the personal data of 850 national servicemen and employees, whose identification and telephone numbers as well as birthdates were stolen.
Written by Eileen Yu, Senior Contributing Editor

Singapore's Ministry of Defence (Mindef) says a security breach earlier this month has compromised the personal data of 850 national servicemen and employees.

The ministry identified a breach in its I-net system, which supported web-connected computer terminals its employees and national servicemen used for personal online communications or internet browsing. National servicemen encompass male citizens of Singapore, all of whom are required to undergo mandatory uniformed services such as military or police.

According to Mindef, the dedicated internet kiosks were located within the ministry building as well as Singapore Armed Forces camps and premises. It said the I-net system did not contain any classified military data, which were used on a separate system with no connection to the internet and had more stringent security features.

Data stolen in the breach included the victims' national identification numbers, telephone numbers, and dates of birth. These personal information were used to manage user accounts and stored on I-net. All affected by the breach had been notified and instructed to change their passwords, including other systems if they had used the same passwords to access those services.

Mindef said I-net was disconnected once the breach was detected and forensic investigations were initiated to assess the damage. As an added precaution, the ministry said it conducted investigations of all other systems within Mindef and the armed forces. It also informed Singapore's cybersecurity government agency and government CIO department so they could investigate other public sector systems, though, no other breach had been detected.

Investigations still were ongoing, it said, noting that the cyberattack seemed "targeted and carefully planned". "The real purpose may have been to gain access to official secrets, but this was prevented by the physical separation of I-net from our internal systems," it said.

The ministry said it would continue to provide internet kiosks as its employees and national servicemen required online access.

The Singapore government last June announced plans to remove internet access from all workstations used by employees in the public sector, which operated a network of 100,000 computers. Government employees instead would have online access only on dedicated terminals or rely on their own personal mobile devices, which would not be connected to government e-mail systems.

Prime Minister Lee Hsien Loong had described the move as necessary to beef up the security of critical infrastructure, adding that the implementation was expected to be completed across the public sector by mid-2017.

Lee just last week mooted the possibility of a national digital identification system that can be used to access both public and private sector services. This, he said, would expand beyond the functions of SingPass, an existing citizen account used for e-government services, to include access to a wider range of transactions.

A 2014 security breach had affected 1,560 SingPass accounts, though, Minister for Communication and Information Yaacob Ibrahim then said there was no vulnerability in the system. He said the breach could have been the result of weak user passwords or malware.

Commenting on the Mindef breach, Darktrace's Asia-Pacific managing director Sanjay Aurora said the attack aimed to "erode" data integrity and trust in public institutions. It also underscored the need for businesses to tap machine-learning and artificial intelligence (AI) to automatically detect and respond to potential threats, before data could be compromised.

Aurora said: "Although it appears Mindef has responded swiftly to this incident, the reality is that no human can keep up in this rapidly-evolving threat landscape. It is a cyber arms race and AI technology that self-learns what is 'normal' for a network, and automatically identifies and takes action against abnormal behaviour and genuine threats, will be instrumental in safeguarding critical information and infrastructure."

Editorial standards